Foreman Setup (before puppet)
At this point, check the Installation manual, some things may have changed:
http://theforeman.org/manuals/1.1/index.html#3.InstallingForeman
And run the installer
ruby /usr/share/foreman-installer/generate_answers.rb
After Foreman has been installed, configure the firewall to allow ports 443 and 22 to the office, and 80, 8443, 8140 and 69 (udp) for the cluster network only. You should be able to connect to
https://foreman.lcg.cscs.ch
Then you need to configure Foreman. There is plenty of documentation, but one needs to understand its parts.
In order to understand how Foreman acts as an ENC (external node classifier), read this:
http://theforeman.org/manuals/1.1/index.html#4.2ManagingPuppet
Puppet configuration
Module standards
Modules should be written according to some standards:
- There should be a main class, with parameters, and good default values (Generic vs CSCS?). Puppet does an automatic Hiera search on every parameter (if not specified in the call)
- Modules should have non-destructive behavior (for running jobs). If something destructive should be done, do it only when the "maintenance" fact is set to true, and return some kind of warning (to alert the sysadmin that there is some action pending) and/or raise a nagios alert (with messages like "service maintenance needed" or "machine reboot pending").
- Modules should provide their own monitoring (for nagios)
- (for discussion) Modules should provide their own regression checks
- Modules should be properly documented, and branches (prod/test) kept in good shape, by its maintainer.
- Style guide: http://docs.puppetlabs.com/guides/style_guide.html
Procedures
- Collaborators would create their own development branch, modify, test, and propose the change to the maintainer.
Module organization
Other:
Obsolete
This is (for now) just notes for reference.
Then we need to configure what we've installed. I found a nice debian howto here, need to adapt a bit to rhel6.
https://host1.no/blog/puppet/how-to-install-puppet-and-puppet-dashboard/
--
PabloFernandez - 2011-08-25